Hackers could haunt global air traffic control: researcher

Jul 27, 2012

An air traffic controller monitors flights while working in the Terminal Radar Approach Control center in 2011 in Denver, Colorado. Air traffic control software used around the world could be exploited by hackers to unleash squadrons of ghost planes to befuddle those entrusted to keep the skies safe, a security researcher said Thursday.

Air traffic control software used around the world could be exploited by hackers to unleash squadrons of ghost planes to befuddle those entrusted to keep the skies safe, a security researcher said Thursday.

Cyprus-based Andrei Costin demonstrated his findings at a Black Hat gathering of cyber defenders that ends Thursday in Las Vegas.

"This is for information only," Costin said as he outlined how someone with modest tech skills and about $2,000 worth of electronics could vex air traffic controllers or even stalk celebrities traveling in private jets.

"Everything you do is at your own risk."

Costin's target was an ADS-B system in place for aircraft to communicate with one another and with air traffic control systems at airports.

The system, which has been rolled out internationally in recent years in a multi-billion dollar upgrade, was designed to better track aircraft so airport traffic can flow more efficiently.

A perilous flaw is that the system is not designed to verify who is actually sending a message, meaning that those with malicious intent can impersonate aircraft either as pranks or to cause mayhem, according to Costin.

"There is no provision to make sure a message is genuine," he said.

"It is basically an inviting opportunity for any attacker with medium technical knowledge."

Air traffic controllers faced with a signal from a fake airplane resort to cross-checking flight plans, putting relevant portions of air space off limits while they work.

"Imagine you inject a million planes; you don't have that many people to cross-check," Costin said. "You can do a human resource version of a denial of service attack on an airport."

Denial of service attacks commonly used by hackers involve overwhelming websites with so many simultaneous online requests that they crash or slow to the point of being useless.

Aviation agencies are adept at identifying and locating "rogue transmitters" on the ground, but not at countering signals from drones or other robotic aircraft becoming more common and available, according to the researcher.

Another danger in the new-generation air traffic control system, according to Costin, is that position, velocity and other information broadcast by aircraft isn't encrypted and can be snatched from the air.

"Basically, you can buy or build yourself a device to capture this information from airplanes," Costin said.

He listed potential abuses including paparazzi being able to track private jets carrying celebrities or other famous people.

Costin showed how a friend was able to identify a plane broadcasting the identification numbers of Air Force One, the military jet used by the US president, and plot it on a map on an iPad.

"It can be a very profitable business model for criminals to invest a small amount of money in radios, place them around the world" and then sell jet tracking services or information about flights, the independent researcher said.

"If it was Air Force One, why does Air Force One show itself?" Costin wondered aloud. "It is a very high profile target and you don't want everyone to know it is flying over your house."

There are websites with databases matching aircraft registration numbers with listed owners.

(PhysOrg.com) -- Two NASA research aircraft will fly over the Baltimore-Washington area of northeastern Maryland through July as part of a mission to enhance the measurement of ground-level air quality from space.

(PhysOrg.com) -- Forty-five years ago, 27-year old Heinz Erzberger arrived at NASA Ames Research Center, Moffett Field, Calif. armed with a new doctorate in mathematics and engineering. In 1973 Erzberger began ...

(AP) -- The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new ...

Recommended for you

The idea of "digital addiction" has returned to the fore with UCL researchers suggesting physical activity should displace the compulsive watching of television, internet surfing and video gaming. Often it ...

As evidence mounts that Germanwings flight 4U9525 was crashed deliberately by its co-pilot who locked the flight's captain out of the cockpit, there have been renewed calls to enforce a "two-person rule", ...

The approval federal aviation officials gave Amazon.com last week to test a specific drone design outdoors is already outdated, the company's top policy executive said Tuesday in written testimony to a Senate subcommittee.

Special operations troops heading to war zones are asking for commercial intelligence analysis software they say will help their missions. But their requests are languishing, and they are being ordered to use a flawed, in-house ...

We climbed out over the Mediterranean after take-off from Barcelona, veered off the Spanish coast, and pointed the nose northeast. Soon we'd be talking to controllers in Marseille and make landfall near Toulon. ...

A perilous flaw is that the system is not designed to verify who is actually sending a message, meaning that those with malicious intent can impersonate aircraft either as pranks or to cause mayhem

DDOS a runway? Make an airport inaccesible with a cloud of virtual planes overhead? Force approaching airplanes to take drastic evasive maneuvers in bad weather because of an illusionary possible collision course? The possibilities for mischief are endless.

There is no provision to make sure a message is genuine

that position, velocity and other information broadcast by aircraft isn't encrypted

Holy crap - who designs something like this? Decent encryption. Digital signatures. That's not rocket science. You have that in most any distributed product today as a 'must have' feature.

Holy crap - who designs something like this? Decent encryption. Digital signatures. That's not rocket science. You have that in most any distributed product today as a 'must have' feature.

That's because security was subsequently shown to be necessary. Rarely is it proactively included. We now use ssh rather than telnet. Google now funnels requests through ssl. Email now largely via smap.

It's hard to justify committing resources to defending against a hard to quantify threat. It's probably always going to be this way.

OTOH, maybe I'm being too cynical. Thoughtful (and ethical) designers could specify inclusion of security provisions (and perhaps inclusion of security cognizant members of the design team). Then it's up to managers to engage in whatever CYA activities they deem necessary.

In medical applications (which is what I'm working on) it's standard (to be more precise: it's absolutely required) to have user identification, user logging, encryption, secure connections and whatnot.This is to the point where the internal systems of most hospitals are positively forbidden to even have an outside/internet connection.'Secure data transport' literally consist of burning stuff to DVD and physically carrying it to another hospital.

And this is not the result of a lot of medical stuff getting hacked in the past. This is just common sense that someone with free/unauthorized access to medical data can do a lot of mischief.This seems no less obvious for any other system that can threaten life (transport, energy, etc.) to me. I'm completely dumbfounded that there is nothing of that sort in aviation.

I work as a Software Engineer for a financial group. We CANNOT release any software that is not secured/encrypted and basically fire walled to death. These are predominately internal applications; move to customer facing i.e. Internet accessible and the security rules go exponential. We have to obtain an independent penetration testing clearance at a minimum of every 6 months if the software is not modified and immediately on ANY code changes. We cannot use the same certified penetration testing company back-to-back to ensure we're not just getting the same report as last time. Basically we're paranoid!

We handle money and IF we were hacked no-one dies; I'd like to think that aviation security was even tighter, apparently NOT!

That's because security was subsequently shown to be necessary. Rarely is it proactively included. We now use ssh rather than telnet. Google now funnels requests through ssl. Email now largely via smap.

What security?

SSH is only secure if you ignore the leap of faith at the beginning.

Email is not secure. Who is validating the trust chain? There is currently no credible trust anchor available.

SSL is only secure if you believe ALL hundreds of intermediaries issuing certs are trustworthy. Given prior known incidents you can count me out.

In this case if signals were encrypted other pilots would not have access to them which is a large reason for this system. Same basic ideas apply to the VHF. Treating a navigational aid as secure is worse in my view than assuming it can provide false information at any time.

This system is no different than AIS used successfully for years. Your existing tools don't just go away.

Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.